Secure Communications in Harsh Environments, Part 2

Posted: September 18, 2012 in Industry Commentary, Rethink Remote Access, VPN
Tags: , , , , , ,

Editor’s Note: This is part two in a three-part series on remote access in harsh environments. Part one of series details the emergence of harsh environment threats. 

By Patrick Oliver Graf, General Manager NCP engineering

Risks of Outdoor Access Points

Another common weak spot for all SCADA systems is their insufficiently secured remote access functionality. Through it, an attacker might be able to access and manipulate these components via a telnet or http connection. A lot of producers further facilitate hacking by “protecting” their systems with standard passwords the user can’t change — yet, it’s relatively easy for an attacker to figure out these hard-coded passwords.

On top of this, hackers particularly like systems that transfer data via wireless LAN connections. In fact, many companies currently use such outdoor Wi-Fi networks on their premises. And while security experts repeatedly advise Wi-Fi network users to secure their connections with encryption protocols, like WPA2, even this does not ensure absolute security. Moreover, it’s easy as searching for the Internet to find instructions and tools for hacking such access points. Generally, it takes just several hours to hack encrypted Wi-Fi networks. But especially with outdoor Wi-Fi systems, it is fairly easy for a hacker to record and assess data traffic with hardly any risk at all.

And the major problem is that a successful attack on controlling and regulating devices frequently makes other areas of the targeted corporate network vulnerable. This happens because there is no absolute separation between regulation and control networks and the corporate intranet. To put it bluntly, hackers who manage to access a PLC are also able to use the industrial Ethernet infrastructure and work their way through to customer or financial data.

 Stay tuned for the final post in this series in which Patrick offers a solution for dealing with harsh environment threats. 

Comments
  1. […] Editor’s Note: This is part three in a three-part series on remote access in harsh environments. Part one of series details the emergence of harsh environment threats, while part two covers the risks of outdoor access points.  […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s